Cognitive Behavioural Therapy (CBT) is a type of talking therapy that helps individuals identify and change unhealthy thinking and behavior patterns. It focuses on current problems and equips people with practical skills to manage challenges.

Does it mean I'm weak or have failed if I want or need coaching?

Seeking coaching is a sign of strength, not weakness. Just like athletes benefit from coaches, personal coaching helps you overcome challenges and thrive.

Do I have to talk about my past?

You have the freedom to choose what you share. In CBT, we primarily focus on current attitudes and beliefs related to present or recurring events. However, if revisiting past experiences would be beneficial, we can explore that too.

How long do sessions go for?

Regular sessions usually last up to 50 minutes. I also offer double sessions which can help super-charge the efficiency of coaching.

Privacy Policy

Name: Talk with Benjamin
Address: Surbiton, Greater London, UK
Price range: ££

Last updated: January 11, 2025

Who We Are

Talk with Benjamin is a cognitive behavioural therapy coaching practice based in Surbiton, Greater London, England. We are committed to protecting your privacy and handling your personal data in accordance with UK data protection laws.

Data Controller: Benjamin Mitchell
Contact Email: [email protected]
Business Address: Surbiton, Greater London, UK
ICO Registration Number: ZB762231

What Information We Collect

When you use our website and services, we collect:

Account Information:

Email address (required for account creation and Magic Link authentication)
Name (optional, for personalisation)

Automatically Collected Information:

IP address (for security and agreement signing audit trail)
Basic browser information (via server logs)
Login and access timestamps

Digital Agreement Data:

Signature data (drawn or typed signatures)
Agreement signing timestamp and IP address
Signed PDF documents (stored securely)

How We Collect Your Information

We collect your personal data when you:

Create an account on our website
Request a Magic Link for secure login
Sign digital coaching agreements
Contact us via email
Use our website (through basic server logging)

Legal Basis for Processing

We process your personal data under the following legal bases:

Legitimate Interest: To provide secure authentication, maintain service security, and deliver coaching services
Contract: To fulfil our coaching services agreement with you
Legal Obligation: To comply with accounting, tax, and professional record-keeping requirements
Consent: For any marketing communications (where you’ve given explicit consent)

How We Use Your Information

We use your personal data to:

Provide Secure Access: Deliver Magic Link authentication for passwordless login
Service Delivery: Manage your coaching portal access and digital agreement signing
Legal Compliance: Maintain audit trails for signed agreements and meet regulatory obligations
Communication: Send authentication emails and service-related updates
Security: Monitor and prevent unauthorized access attempts

Magic Link Authentication

We use Magic Link technology for secure, passwordless login:

Unique, time-limited links sent to your registered email address
Links expire after 30 minutes for security
One-time use only - links become invalid after first use
Access attempts are logged for security monitoring
Sessions last 7 days with secure HTTP-only cookies

We share your personal data only with trusted service providers:

Email Service Provider: Resend (for Magic Link delivery and service communications)
Cloud Storage: Cloudflare R2 (for secure PDF document storage)
Database: Cloudflare D1 (for account and session management)
Hosting: Cloudflare Pages (for website delivery)

All service providers are bound by strict data protection agreements and process data only as instructed.

We never sell your personal data to third parties.

Data Storage and Security

Storage Locations:

Account data: Cloudflare D1 database (EU/UK regions)
Signed PDFs: Cloudflare R2 storage (encrypted at rest)
Email delivery: Resend (EU infrastructure)

Security Measures:

Encryption of data in transit and at rest
Secure session management with HTTP-only cookies
Rate limiting on authentication attempts
Regular security monitoring and updates
Limited access on a need-to-know basis

Data Retention

We retain your personal data for:

Account Information: Until you delete your account, then 30 days for cleanup
Session Data: 7 days (automatic expiry)
Magic Links: 30 minutes (automatic expiry)
Signed Agreements: 7 years after your last coaching session (professional standards requirement)
Email Logs: 30 days (for delivery troubleshooting)

Your Rights

Under UK data protection law, you have the right to:

Access: Request a copy of the personal data we hold about you
Rectification: Ask us to correct inaccurate or incomplete data
Erasure: Request deletion of your personal data (subject to legal retention requirements)
Restrict Processing: Ask us to limit how we use your data
Data Portability: Request your data in a portable format
Object: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent for any consent-based processing

To exercise these rights, contact us at [email protected]. We’ll respond within one month.

International Transfers

We use UK and EU-based service providers where possible. Our main services are:

Cloudflare: UK/EU data centres with appropriate safeguards
Resend: EU-based email infrastructure

Any data transfers outside the UK/EU are protected by adequacy decisions or standard contractual clauses.

Children’s Privacy

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18 without appropriate consent.

Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We’ll notify you of significant changes via email or website notice. The “last updated” date shows when changes were made.

Contact Us

If you have questions about this privacy policy or our data practices:

Email: [email protected]
Response Time: Within 2 business days

Complaints

If you’re not satisfied with how we handle your personal data, you can complain to the Information Commissioner’s Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF